What you should know about password management

Learn how good password practices can help protect your business

September 7, 2022Manhattan Tech Support

Business IntelligenceCloud ServicesIT Consulting & StrategySecuritySoftware DevelopmentTech Support & Managed IT ServicesConstructionEducationFinanceHealthcareLegalNon-ProfitsReal EstateStartups

For a lot of people, passwords are one of the worst parts of dealing with technology. It’s not that we don’t want things to be secure, we do, but password management is hard. Making sure that you not only have a strong password, but that it’s unique to one place, and something you can remember is almost impossible. 

But, like them or hate them, passwords go a long way in helping you protect your business. The challenge is helping your team create password habits that ensure strong passwords. 

password management

The challenges with (traditional) password management

Perhaps the biggest challenge with password management is that people struggle with them. We struggle to come up with strong passwords that meet very specific criteria, we struggle to remember those passwords, and we even struggle to create unique passwords for each site and service we use.

This is bad enough on a personal level, but when your business is on the line it becomes critical. The best approach is to find a way to remove the more human aspect of password management. If you can do this, you improve the quality of the passwords being used, create better habits around storing those passwords (like getting rid of plain text spreadsheets or Word docs with passwords stored on them), and you can all but eliminate employees using personal passwords at work.

What is a password manager?

A password manager is a security tool that looks after all things passwords. It stores them securely, so you don’t have to write them down. It can help you come up with strong passwords that meet the criteria you need for a password. And, password managers will often cut and paste your passwords (and other login data) into forms, to make sure you don’t enter the wrong password.

What’s really nice about password managers is that a lot of them exist in the cloud and can be used across devices. This means that you can sign up for a tool on your computer that helps you manage passwords on your tablet, phone, and any other compatible devices, so you have complete password coverage.

Password managers remove a lot of the human error from your security process (at least relating to passwords). This helps because, as mentioned above, passwords are something people struggle with and cybercriminals know this. It’s not usual for “dictionary attacks” to successfully guess a user’s password. This kind of attack basically runs through a dictionary in an attempt to guess your password. The more people rely on real words as passwords, the easier this can be.

The best practices while using a password manager

Password managers introduce best practices into your life simply by existing. They make it easy to create strong passwords that you don’t even need to remember because of their auto-complete features. Having said that, it’s always a good idea to review best practices.

  • Don’t use the same passwords This should be common practice by now, but it can be so hard to come up with a strong password that you remember that a lot of people end up doing it anyway. This is bad because if someone can crack your password for, say, your Gmail account, they have access to everything else you’ve ever used that password for. Password managers help by storing passwords for you, so you can use unique, hard-to-remember passwords for every site and service you use without much trouble.
  • Don’t use obvious words – We mentioned above how easy it can be to crack passwords that use real words. The same holds true for variations of real words and even things that are close to your name. If someone has your last name and you’re using a password that contains your last name, it’s going to be cracked pretty quickly. This is why most places require a password to have a mix of numbers, letters, and symbols.
  • Backup your data – If you can, regularly back up your password data. This helps ensure that if something goes horribly wrong, there is always a backup. Most 3rd party systems should have a solid backup system in place anyway, but it can’t hurt to regularly backup your data manually, just in case. No one wants to recreate every password they’re using.
  • Choose a tool that you can easily use – As with most things, you can’t choose a tool that’s too complex or people aren’t going to use it. This isn’t limited to employees. If it’s hard to deploy, it also won’t get used. Find something that can be easily implemented and is super user-friendly.
  • Use two-factor authentication (2FA) whenever possible 2FA adds another layer of security that protects your business. With 2FA, you’re using a password, but also asked to verify using a secondary device, like your phone. This ensures that even if someone does learn your password they can’t access your business network without also having access to the device. When used in combination with a password manager (or if your password manager offers 2FA) you greatly reduce the chance of someone gaining access to your business data.
  • Use something that works across all platforms – A password manager is useless if it doesn’t help with all devices you use for work. Make sure you use something that can be used on both Android and iPhone, as well as PCs and Apple computers.
  • Use passwords generated by the manager – We’ll touch on this a bit more below, but if you have the option to use generated passwords, use them. Doing this eliminates a lot of the bad habits that can creep up when we choose passwords. You may have to tweak things a little to make sure that the generated password fits the requirements, but often you don’t have to do much. 

The ideal change cycle

It wasn’t that long ago that it was recommended that you change passwords regularly, at least once a quarter, to make sure everything was as secure as possible. Recently, however, there’s been a shift in this thinking. Security organizations are starting to recommend that you pick a very strong password and stick with it.

The reasoning behind this shift is that if you make people pick a new password every few months, they’re eventually going to struggle to come up with new, strong passwords and rely on bad habits, like taking the same password from the last cycle and either adding another character or changing one character. 

Want help with password management?

Like a lot of things, password management can be a lot of work. If your IT team needs help making sure that your business is using good passwords or if you need to get a password manager in place, let’s talk. Our teams have more than 20 years of experience and can help you keep your business safe. Contact us today to learn more about how we can help.

Related Articles

AI trends in IT management

calendar March 22, 2023

author Manhattan Tech Support

Artificial Intelligence Business Intelligence Cloud Services Cyber Insurance IT Consulting & Strategy Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

AI trends in IT management

AI is on everyone’s minds these days. ChatGPT3 and OpenAi have brought what’s possible to the mainstream in a way we haven’t seen outside of movies before. If you’ve spent any time following the trends online, there’s a lot of

Read More
Best Microsoft 365 features for 2023

calendar March 15, 2023

author Manhattan Tech Support

Business Intelligence Cloud Services IT Consulting & Strategy Software Development Tech Support & Managed IT Services Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

Best Microsoft 365 features for 2023

Microsoft’s office suite (now called Microsoft 365) has come a long way from its early days as a word processor and spreadsheet platform. These days, Microsoft 365 is a powerhouse of productivity tools that handle everything from word processing to

Read More
Digital Trust – what is it and how does it affect your business

calendar March 8, 2023

author Manhattan Tech Support

Business Intelligence Cloud Services Cyber Insurance IT Consulting & Strategy Security Tech Support & Managed IT Services Telecommunications Construction Education Finance Healthcare Legal Non-Profits Real Estate Startups

Digital Trust – what is it and how does it affect your business

It seems we hear new stories about cybercrime every day. The stories range from huge ransomware attacks on hospitals to city infrastructure being compromised. It might seem like this isn’t something that you and your business need to worry about,

Read More